WebHorizon not recommended

I believe I’ve waited long enough for them to tell me how my account was hacked instantly, they told me nothing. I got a refund.

But I pointed the domains to their server, and it had some PHP script that is put on compromised sites. I didn’t upload anything. I was getting an internal server error, and eventually it loaded, had no idea what it was, or how it got on there.

Another domain, in a different folder, same thing.

So either, using DuckDuckGo’s email, is a bad idea, and somebody got the password for my account, or the server was hacked. Can’t tell you which, they never said anything else.

They will most likely say I uploaded the suspicious PHP file, you’ll see on my drives, I don’t and never have had it. If they didn’t refund and delete it so quickly, they could have determined I didn’t upload it.

It’s possible in a server log somewhere, it says I never uploaded anything.

Using CloudLinux doesn’t mean it’s secure and can’t be hacked. Anything can be hacked. But I can see, their hosting is no more secure, then using a self managed VPS, possibly less secure, but you’ll have to email them and ask what happened. Now if they got the password because it was sent to a DuckDuckGo email that is forwarded to my real email, then DuckDuckGo isn’t secure.

It’s on shared hosting, from a different provider. Nothing hacked yet. Only one site is using WordPress, other sites are static. I won’t name the host, as then somebody will say I work for the other host or some bullshit.

The last reply was 21 d 22 hr ago. And the ticket is closed of course.

The other possibility is whatever is sending the email with my account password, was comprised. Or somewhere along the line, somebody could read it.

Looking at the first ticket I sent, looks like it was some kind of file manager. I don’t recall much, 21 days is a long time ago.

All I know, is I didn’t put that file manager on there. Why would I want a file manager? They even said the index.php isn’t default. You’d think they would be interested in what happened.

Their hosting might be cheaper then the provider I have now, and have a better location. Too bad it came with a file manager, that is installed to hacked sites.

Still cheaper then BuyVM, so who cares. I’m too lazy to manager a server, and bots make it slow.

Bummer

Looks like my host “fixed” their server. Instead of showing Cloudflare’s IP, it now shows the client’s IP.

That means if you get the IP of the server, you can easily bypass Cloudflare’s firewall. Yes, I could put my IP in the .htaccess instead. But then I have to remember to update that file, and Cloudflare.

So perhaps the bots can hammer wp-login.php now.

No idea if they only allow Cloudflare connecting IPs for sites using Cloudflare. Doing so by the firewall, could be hard. As that might apply to the entire server, and all sites, including those not using Cloudflare.

I’ll keep the workaround in my wp-config.php file, according to a simple PHP file to echo the IP address, it is indeed showing my IP now, so that workaround probably isn’t needed anymore.

That will make the stats show actual IP addresses though, instead of Cloudflare IP addresses.

Since it’s shared hosting, they can fix the bots hammering wp-login.php right?

And it looks like I need to email them. They changed my PHP version again. WordPress told me. Fucking annoying. I don’t want old PHP.

Hmm, if the server gets hacked because they changed my PHP version, it isn’t my fault right?

Hopefully what you use doesn’t require a newer PHP, as then your site will be dead, until you manually change it back.

RIP Chairman Meow

I think it was Tuesday, they murdered him. I call it murder, because that’s what it feels like when they put your pet down.

No crying yet, perhaps I don’t give a fuck anymore.

He was probably the best cat she ever had. He was super friendly. He liked sitting in my lap, until something happened, either I got fatter, or he couldn’t get comfortable anymore. He got mad at my sister’s dog Lilly for sitting in my lap once.

He couldn’t get in the litter box anymore, so was shitting on the floor, possibly pissing on the floor too, apparently they have to replace the floor in that room.

A vet decided to give him medicine for pain, that cats shouldn’t take. It gives them kidney failure. If you have a pet, lookup the medicine before paying for it. Or consult somebody else. You’d think the vet would know things. Apparently that one didn’t.

I forgot to see him before he died. The last day I had to do so, I forgot. That shows how much I care, apparently I don’t. I was playing with Bodhi, apparently he wanted me to play non stop. Not sure seeing him would do any good though, doesn’t sound like he was doing too good.

Oh I think I might have had a dream, about saying goodbye to Chairman Meow. Hard to say, I barely remember some dreams.

WordPress is fine, if the server is configured right

No more servers for me, that is that needs to be managed by me.

Somehow this shared hosting is faster. Apparently they know what they are doing, and I sure as hell don’t.

Kind of funny actually.

Just use MEGA for your storage needs. I don’t believe in storage providers that offer life time plans. Unless it’s a massive amount, it’s not sustainable. I’d rather pay MEGA, as I know they have a monthly income of money.

Too bad I didn’t backup ParanormalTom.com before canceling. I found an old backup though, so enjoy.

Paying $4 a month for shared hosting is well worth it. You don’t need to be smart, for fast sites. Cloudflare might be helping as well. I had BuyVM’s DDoS protection, which was another $3 a month.

Only one downside, only Cloudflare IPs are in the log. I fixed WordPress, the static sites don’t really matter. I searched for the problem, somebody with Drupal had the same issue, so I added what they said to add but to wp-config.php, now the IP is right.


$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"] ? $_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER["REMOTE_ADDR"];

That’s what I added. The LiteSpeed Cache plugin said not to use Cloudflare plugin, so I’m not. That only fixes WordPress, not the access log. Don’t think I can fix the access log, and I’m too fucking lazy to email them. Didn’t even want to email them to get SSH access. But SSH makes life easy.

The contact form can remain on that site, I deleted it after the backup. I just set the contact form to under attack, maybe less spam will show up in WordPress. It never emailed that junk to me, luckily. Still wasting system resources, every time they submit their spam.

Oh and if you access that site, not from Cloudflare, it should block you. You can do so with .htaccess.

Now, if it was a VPS, or dedicated server, you could make a firewall rule to do it.

ParanormalTom.com is gone

Looks like I don’t have a backup of it at all. Going to login to BuyVM, but they probably deleted my backups. Oh well.

That means, it too can be a static site. I’ll buy a cheap theme for it instead, too lazy to convert the old theme. Just buy a better HTML theme.

No I don’t like WordPress. Too much work. If it’s static HTML, I don’t have to update anything. Only ExtraVM does. Is uploading images with rsync supposed to be super slow?

Guess I should have got closer hosting.

Oh and Cloudflare made my other site faster. ExtraVM said to use Cloudflare for HTTPS DDOS protection.

I should have been using Cloudflare with BuyVM, and not paid for the DDOS protection. That wouldn’t solve the needing to manage the server problem though. I ain’t paying for server management, well you can get some kind of cloud management crap for cheaper.

But it’ll probably cost more then $4 or whatever ExtraVM costs.

That may have been stupid

Got angry and possibly depressed, and canceled my BuyVM server. Luckily, I forgot to pay it early anyways. So didn’t lose much money.

Didn’t want to manage it anyways. Now if the server gets hacked it’s their problem.

But speaking of hacked, the first host I tried, my site came hacked. I didn’t do anything, except point the DNS to it, confused to why it was getting a 500 internal server error.

This host only has servers in Texas in the US. So we’ll see how long my site remains online, republicans claim republicans allow freedom of speech, not if it’s insulting republicans. Trump went after an app because he got butt hurt.

I should have just got their Germany location, but when World War 3 starts, it might be impossible to access anything outside the US.

I would have went with SmallWeb, but their uptime link is dead. The host I went with is ExtraVM. And I could have saved 25% off the first month, oh well. I had to request SSH access. My key wasn’t working, probably a permission problem, I just deleted the .ssh folder I created, and used ssh-copy-id.

Only 10 GB of space, it’s the cheapest plan. So no more videos on my other blog, unless they are tiny. I could upload the videos somewhere else, but that’s too much work, and I hate YouToot.

I also hate cPanel, the reason I didn’t go with some other host, they also have a limit on the number of domains, ExtraVM doesn’t. I’ve never used this control panel before.

No recent backup for my paranormal site, so I may do nothing with it. I might have an old backup. But WordPress is a pain. They won’t suspend for resource abuse, if it’s all static, hopefully.

Yes, a VPS would be cheaper, but you get to manage the server. No thanks. I’d rather sit around and watch TV, then manage a server.

I won’t name the other host, I have no idea what happened. If my account somehow got hacked instantly, or their server is hacked. I used my Duck email, didn’t use that on ExtraVM.

All the other domains I added, also hacked on that host. I suspect the server was compromised. And every new site, gets that PHP file manager crap. After I saw it, I removed the domain pointer to their server, and canceled it. They surprisingly gave me a refund, it was cheap, so wasn’t expecting a refund. That’s never happened to me, that I signed up for hosting, and it came hacked. Hopefully they figure out what happened. I don’t think they are a bad host, anything can be hacked.

And ExtraVM has some bad links too. But I don’t know how much SmallWeb is in US dollars, might be the same or more. So there isn’t really any point in using them. The company that owns it is managed by somebody else now. Don’t know if that’s good or bad. I’m not using GitHub Pages, no idea how, and I don’t think it has enough space. Not to mention, that’s Microsoft. The way I upload my static sites, is very easy. It uses SSH and rsync. I just had to modify my scripts, and it’s good to go.

No Nextcloud anymore, but that’s why it cost over $12 a month.

That means no online backup of my photos. Unless I find something worth paying for. I probably won’t look, I was originally going to use Amazon, but Amazon Drive is going to be gone. Does Amazon Photos support videos too? And RAW files? And can I pay for storage or is it Prime only? I think I’ll risk losing all my photos.

Need to get a NVMe enclosure that can contain two or more NVMe SSDs. Use it for backup. If you buy a cheapo brand, you can get 2 TB drives for not too much. I don’t care about the speed. In that case, SATA might be cheaper, but bigger.

Do they make an enclosure that’s Thunderbolt, but also USB? Not USB 4, desktop doesn’t have that. So Thunderbolt of some kind, and USB 3 of some kind. No hardware RAID needed, I only use software RAID. But if it’s a software RAID, it probably won’t be compatible with Mac mini and Linux PC, one or the other. Since the Linux PC is cheaper to replace most likely, I should probably just get a USB NVMe enclosure. Not to mention, a Raspberry Pi can probably access it. It’s using Linux.